Related Articles

When you are running your own business, a computer infected with a virus can cost you money, both in terms of lost time and possible damage to your hardware. If you notice that your Windows PC seems sluggish or you see numerous runaway processes, you could be infected with the CSRSS virus, officially called W32/Nettsky.ab@MMt. What makes this virus deceptive is that csrss.exe is a legitimate file in the Windows operating system. The virus overwrites this file, substituting an infected version. The virus can be removed and disabled by using Regedit, the Windows registry editor, but you must first verify that the csrss.exe file is actually infected before you delete it.

Verify the Csrss.exe File

1.

Right-click on the taskbar and select "Start Task Manager" from the context menu.

2.

Click on the "Processes" tab, and then click on the "Processes" column to sort the running processes by name.

3.

Look for the csrss.exe file in the list of processes. Right-click on the file and select "Delete" from the context menu. If Windows prompts you with a message box, it means the file is not infected, so do not delete it. If Windows doesn't prompt you, then the file is infected and should be removed with Regedit as explained below.

Deleting Csrss.exe With Regedit

1.

Click "Start," select "Run" from the Windows Start menu and type "regedit.exe" in the Run box.

2.

Back up your registry before making any changes. Click "File" on the Regedit menu, then click "Export." Save the exported registry file to a safe location on your hard drive or external storage media.

3.

Click "Edit" in the Regedit menu and select "Find."

4.

Type the following path into the search box:

HKEY_LOCAL_MACHINE\Software\Csrss.exe

Click "Find next" to search for the file.

5.

Right-click on the "csrss.exe" file in the search results and select "Delete" from the context menu.

6.

Click "File" and "Exit" to close Regedit.

References (2)

About the Author

Nathan McGinty started writing in 1995. He has a Bachelor of Science in communications from the University of Texas at Austin and a Master of Arts in international journalism from City University, London. He has worked in the technology industry for more than 20 years, in positions ranging from tech support to marketing.

Photo Credits

Jupiterimages/Pixland/Getty Images

bibliography-iconicon for annotation tool Cite this Article

Choose Citation Style

McGinty, Nathan. "How to Remove and Disable the CSRSS Virus With Regedit." Small Business - Chron.com, http://smallbusiness.chron.com/remove-disable-csrss-virus-regedit-56515.html. Accessed 14 September 2019.

McGinty, Nathan. (n.d.). How to Remove and Disable the CSRSS Virus With Regedit. Small Business - Chron.com. Retrieved from http://smallbusiness.chron.com/remove-disable-csrss-virus-regedit-56515.html